At 16:37 06/02/01 -0600, Martin H Hoz-Salvador wrote:
>mouss wrote:
> >
> >
> > Are you sure it is the server that sends the RST and not the firewall?
> > fw1 has a long history in "unsupporting" ftp... so that might be an explanation.
> >
>
>Could you comment a bit more about this please?

If you search the list archive, you'll see many messages where FW1 breaks ftp
traffic.
It requires that traffic comes from port 20 (in active mode), but this is not
guaranteed on the internet.
If the guy is accessing an ftp server that is protected by a firewall or a proxy,
the latter may use a random port.

The RFC interpretation debate is open: ckp say the RFC requires 20, others
believe that it is just a default, others say that security dictates that 20
should not be imposed and that since the RFC is old, it is not important to
try to interpret it anyway.

cheers,
mouss
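
The behaviour described in the message above, as an added example that is not part of the original post and not Check Point's code: a toy stateful filter that tracks the FTP `PORT` command and decides on the server's active-mode data connection, once with the source-port-20 requirement and once without. The class name, the `require_src_port_20` switch and all addresses and ports are constructed for illustration.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the client tells the server where to connect back.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")

def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class ActiveFtpTracker:
    """Hypothetical model of a stateful filter for active-mode FTP data connections."""

    def __init__(self, require_src_port_20):
        self.require_src_port_20 = require_src_port_20
        self.expected = set()  # (server_ip, client_ip, client_port)

    def control_line(self, client_ip, server_ip, line):
        ep = parse_port(line)
        # Only honour a PORT that points back at the client itself.
        if ep and ep[0] == client_ip:
            self.expected.add((server_ip, client_ip, ep[1]))

    def data_syn(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, dst_ip, dst_port)
        if key not in self.expected:
            return "drop"           # no matching PORT seen on the control channel
        if self.require_src_port_20 and src_port != 20:
            return "drop"           # strict reading: data must come from port 20
        self.expected.discard(key)  # one data connection per PORT command
        return "accept"

def demo():
    # Constructed traffic: the server sits behind a proxy that picks source port 40123.
    results = {}
    for name, strict in (("strict", True), ("relaxed", False)):
        fw = ActiveFtpTracker(strict)
        fw.control_line("192.0.2.10", "198.51.100.5", "PORT 192,0,2,10,19,137")
        results[name] = fw.data_syn("198.51.100.5", 40123, "192.0.2.10", 5001)
    return results

if __name__ == "__main__":
    print(demo())
```

In both modes the data connection is only considered when it matches the endpoint announced on the control channel; the source-port check is the extra condition under debate.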
